mcp4openapi 0.2.7 → 0.3.0

package/dist/src/{mcp-server.js → mcp/mcp-server.js}

@@ -7,37 +7,221 @@
 import { Server } from '@modelcontextprotocol/sdk/server/index.js';
 import { StdioServerTransport } from '@modelcontextprotocol/sdk/server/stdio.js';
 import { CallToolRequestSchema, ListToolsRequestSchema, } from '@modelcontextprotocol/sdk/types.js';
-import { OpenAPIParser } from './openapi-parser.js';
-import { ProfileLoader } from './profile-loader.js';
-import { ToolGenerator } from './tool-generator.js';
-import { CompositeExecutor } from './composite-executor.js';
-import { ProxyDownloadExecutor } from './proxy-executor.js';
-import { ConfigurationError, OperationNotFoundError, ValidationError, AuthenticationError, AuthorizationError, RateLimitError, NetworkError, generateCorrelationId } from './errors.js';
-import { TIMEOUTS, OAUTH_RATE_LIMIT } from './constants.js';
-import { HttpClientFactory } from './http-client-factory.js';
-import { SchemaValidator } from './schema-validator.js';
-import { ConsoleLogger, JsonLogger } from './logger.js';
-import { isInitializeRequest, isToolCallRequest } from './jsonrpc-validator.js';
-import { generateNameWarnings } from './naming-warnings.js';
-import { NamingStrategy } from './naming.js';
+import { OpenAPIParser } from '../openapi/openapi-parser.js';
+import { ProfileLoader } from '../profile/profile-loader.js';
+import { ToolGenerator } from '../tooling/tool-generator.js';
+import { applyParameterDefaults, normalizeArguments } from '../validation/argument-normalizer.js';
+import { CompositeExecutor } from '../tooling/composite-executor.js';
+import { ProxyDownloadExecutor } from '../tooling/proxy-executor.js';
+import { enforceFiltering, parseFilteringHeader } from '../core/filtering.js';
+import { ConfigurationError, OperationNotFoundError, ResourceNotFoundError, ValidationError, AuthenticationError, AuthorizationError, RateLimitError, NetworkError, generateCorrelationId } from '../core/errors.js';
+import { OAUTH_RATE_LIMIT } from '../core/constants.js';
+import { HttpClientFactory } from '../transport/http-client-factory.js';
+import { SchemaValidator } from '../validation/schema-validator.js';
+import { ConsoleLogger, JsonLogger } from '../core/logger.js';
+import { isInitializeRequest, isToolCallRequest } from '../validation/jsonrpc-validator.js';
+import { generateNameWarnings } from '../core/naming-warnings.js';
+import { NamingStrategy } from '../core/naming.js';
+import { isSafePropertyName } from '../validation/validation-utils.js';
+import { ToolFilterService, EnvConfigParser, HeaderConfigParser, RegexCompiler, RegexValidator, OperationClassifier, OpenAPIOperationResolver, OperationDetector, applySessionToolFilter, } from '../tool-filter/index.js';
+import { buildHttpTransportBaseConfig } from '../transport/http-transport-config.js';
 export class MCPServer {
     /**
-     * Filter response object to include only specified fields
-     * Supports nested objects but keeps first level of arrays
+     * Execute a tools/call request via the JSON-RPC handler.
+     * Intended for internal use and tests to avoid accessing private methods.
+     */
+    async callToolRpc(name, args, sessionId, requestId = 1) {
+        const message = {
+            jsonrpc: '2.0',
+            id: requestId,
+            method: 'tools/call',
+            params: {
+                name,
+                arguments: args,
+            },
+        };
+        return this.handleToolCall(message, sessionId);
+    }
+    /**
+     * Filter response payload to include only specified fields.
+     *
+     * Supports YouTrack-style field selectors like:
+     * - "author(id,login)"
+     * - "comments(id,text,author(id,login))"
+     *
+     * Recurses into nested objects and arrays when subfields are specified.
      */
     filterFields(data, fields) {
+        const selection = this.parseFieldSelection(fields);
+        return this.applyFieldSelection(data, selection);
+    }
+    parseFieldSelection(fields) {
+        const root = Object.create(null);
+        for (const field of fields) {
+            const trimmed = field.trim();
+            if (!trimmed)
+                continue;
+            this.mergeFieldSelector(root, trimmed);
+        }
+        return root;
+    }
+    mergeFieldSelector(target, selector) {
+        const parsed = this.parseFieldSelector(selector);
+        const baseName = parsed.baseName;
+        if (!baseName)
+            return;
+        if (!isSafePropertyName(baseName))
+            return;
+        if (!parsed.inner) {
+            target[baseName] = true;
+            return;
+        }
+        const inner = parsed.inner;
+        const subSelectors = this.splitTopLevel(inner);
+        const subTree = Object.create(null);
+        for (const sub of subSelectors) {
+            this.mergeFieldSelector(subTree, sub);
+        }
+        const existing = target[baseName];
+        if (existing === true)
+            return;
+        if (!existing) {
+            target[baseName] = subTree;
+            return;
+        }
+        this.mergeSelectionTrees(existing, subTree);
+    }
+    parseFieldSelector(selector) {
+        const trimmed = selector.trim();
+        if (!trimmed)
+            return { baseName: '' };
+        if (trimmed.startsWith('"')) {
+            const parsedQuoted = this.parseQuotedBase(trimmed);
+            if (parsedQuoted) {
+                const { baseName, rest } = parsedQuoted;
+                const remaining = rest.trim();
+                if (!remaining) {
+                    return { baseName };
+                }
+                if (remaining.startsWith('(') && remaining.endsWith(')')) {
+                    const inner = remaining.slice(1, -1).trim();
+                    return inner ? { baseName, inner } : { baseName };
+                }
+                return { baseName };
+            }
+        }
+        const openParen = trimmed.indexOf('(');
+        if (openParen === -1) {
+            return { baseName: trimmed };
+        }
+        const closeParen = trimmed.lastIndexOf(')');
+        if (closeParen === -1 || closeParen <= openParen) {
+            return { baseName: trimmed.slice(0, openParen).trim() };
+        }
+        const baseName = trimmed.slice(0, openParen).trim();
+        const inner = trimmed.slice(openParen + 1, closeParen).trim();
+        return inner ? { baseName, inner } : { baseName };
+    }
+    parseQuotedBase(input) {
+        let escaped = false;
+        let base = '';
+        for (let i = 1; i < input.length; i += 1) {
+            const ch = input[i];
+            if (escaped) {
+                base += ch;
+                escaped = false;
+                continue;
+            }
+            if (ch === '\\') {
+                escaped = true;
+                continue;
+            }
+            if (ch === '"') {
+                const rest = input.slice(i + 1);
+                return { baseName: base, rest };
+            }
+            base += ch;
+        }
+        return undefined;
+    }
+    mergeSelectionTrees(target, incoming) {
+        for (const [key, val] of Object.entries(incoming)) {
+            if (!isSafePropertyName(key))
+                continue;
+            const existing = target[key];
+            if (!existing) {
+                target[key] = val;
+                continue;
+            }
+            if (existing === true || val === true) {
+                target[key] = true;
+                continue;
+            }
+            this.mergeSelectionTrees(existing, val);
+        }
+    }
+    splitTopLevel(input) {
+        const result = [];
+        let depth = 0;
+        let current = '';
+        let inQuote = false;
+        let escaped = false;
+        for (const ch of input) {
+            if (escaped) {
+                current += ch;
+                escaped = false;
+                continue;
+            }
+            if (ch === '\\' && inQuote) {
+                current += ch;
+                escaped = true;
+                continue;
+            }
+            if (ch === '"') {
+                inQuote = !inQuote;
+                current += ch;
+                continue;
+            }
+            if (!inQuote) {
+                if (ch === '(')
+                    depth += 1;
+                if (ch === ')')
+                    depth = Math.max(0, depth - 1);
+            }
+            if (!inQuote && ch === ',' && depth === 0) {
+                const trimmed = current.trim();
+                if (trimmed)
+                    result.push(trimmed);
+                current = '';
+                continue;
+            }
+            current += ch;
+        }
+        const last = current.trim();
+        if (last)
+            result.push(last);
+        return result;
+    }
+    applyFieldSelection(data, selection) {
         if (!data || typeof data !== 'object') {
             return data;
         }
         if (Array.isArray(data)) {
-            return data.map(item => this.filterFields(item, fields));
+            return data.map(item => this.applyFieldSelection(item, selection));
         }
-        const filtered = {};
-        for (const field of fields) {
-            // Handle YouTrack-style fields: "author(id,login)" -> "author"
-            const baseFieldName = field.split('(')[0];
-            if (baseFieldName in data) {
-                filtered[baseFieldName] = data[baseFieldName];
+        const obj = data;
+        const filtered = Object.create(null);
+        for (const [key, sel] of Object.entries(selection)) {
+            if (!isSafePropertyName(key))
+                continue;
+            if (!Object.prototype.hasOwnProperty.call(obj, key))
+                continue;
+            const value = obj[key];
+            if (sel === true) {
+                filtered[key] = value;
+            }
+            else {
+                filtered[key] = this.applyFieldSelection(value, sel);
             }
         }
         return filtered;
@@ -80,6 +264,9 @@ export class MCPServer {
         if (error instanceof OperationNotFoundError) {
             return `Operation not found: ${error.message} (correlation ID: ${correlationId})`;
         }
+        if (error instanceof ResourceNotFoundError) {
+            return `${error.message} (correlation ID: ${correlationId})`;
+        }
         // Configuration errors - safe to show (helps admin fix setup)
         if (error instanceof ConfigurationError) {
             return `Configuration error: ${error.message} (correlation ID: ${correlationId})`;
@@ -126,6 +313,7 @@ export class MCPServer {
             // Check if we should warn about long names
             this.checkToolNameLengths();
         }
+        this.applyGlobalToolFiltering();
         // Re-create logger with auth config for token redaction
         const authConfigs = this.getAuthConfigs();
         if (authConfigs.length > 0) {
@@ -142,8 +330,8 @@ export class MCPServer {
         const envAuthConfig = this.getEnvBackedAuthConfig();
         const envVarName = envAuthConfig?.value_from_env;
         const envToken = envVarName ? process.env[envVarName] : undefined;
-        if (envAuthConfig && envToken) {
-            // Token available in env - create global client (stdio transport)
+        if ((envAuthConfig && envToken) || authConfigs.length === 0) {
+            // Token available in env (stdio) or no auth required - create global client
             const httpClient = this.httpClientFactory.createGlobalClient({
                 profile: this.profile,
                 baseUrl,
@@ -249,6 +437,59 @@ export class MCPServer {
         const oauthConfig = configs.find(c => c.type === 'oauth');
         return oauthConfig?.oauth_config;
     }
+    buildOAuthConfigWithAllowedRedirectHosts(oauthConfig) {
+        if (!oauthConfig) {
+            return undefined;
+        }
+        return {
+            ...oauthConfig,
+            allowed_redirect_hosts: oauthConfig.allowed_redirect_hosts
+                || (process.env.MCP4_ALLOWED_ORIGINS
+                    ? this.extractHostsFromOrigins(process.env.MCP4_ALLOWED_ORIGINS)
+                    : undefined),
+        };
+    }
+    getProfileIdValue() {
+        if (!this.profile) {
+            throw new ConfigurationError('Profile not initialized. Call initialize() first.');
+        }
+        const profileId = this.profile.profile_id?.trim() || this.profile.profile_name;
+        if (!profileId) {
+            throw new ConfigurationError('Profile is missing profile_id and profile_name.');
+        }
+        return profileId;
+    }
+    getOAuthRateLimitConfig() {
+        const authConfigs = this.getAuthConfigs();
+        const oauthAuthConfig = authConfigs.find(c => c.type === 'oauth');
+        const oauthRateLimit = oauthAuthConfig?.oauth_rate_limit;
+        const max = oauthRateLimit?.max_requests
+            || parseInt(process.env.MCP4_OAUTH_RATE_LIMIT_MAX || String(OAUTH_RATE_LIMIT.MAX_REQUESTS), 10);
+        const windowMs = oauthRateLimit?.window_ms
+            || parseInt(process.env.MCP4_OAUTH_RATE_LIMIT_WINDOW_MS || String(OAUTH_RATE_LIMIT.WINDOW_MS), 10);
+        return { max, windowMs };
+    }
+    getHttpProfileContext() {
+        if (!this.profile) {
+            throw new ConfigurationError('Profile not initialized. Call initialize() first.');
+        }
+        const authConfigs = this.getAuthConfigs();
+        const baseUrl = this.getBaseUrl();
+        const oauthConfig = this.buildOAuthConfigWithAllowedRedirectHosts(this.getOAuthConfig());
+        const resourceMetadata = this.parser.getResourceMetadata();
+        const oauthRateLimit = this.getOAuthRateLimitConfig();
+        return {
+            profileId: this.getProfileIdValue(),
+            oauthConfig,
+            authConfigs,
+            baseUrl,
+            rateLimitOAuthMax: oauthRateLimit.max,
+            rateLimitOAuthWindowMs: oauthRateLimit.windowMs,
+            resourceName: this.profile.resource_name || resourceMetadata.name || 'MCP Server',
+            resourceDocumentation: this.profile.resource_documentation || resourceMetadata.documentation,
+            parser: this.parser,
+        };
+    }
     /**
      * Extract hostnames from origin patterns for OAuth redirect validation
      * e.g., "http://localhost:*,https://app.example.com" -> ["localhost", "app.example.com"]
@@ -288,7 +529,7 @@ export class MCPServer {
     /**
      * Get or create HTTP client for session
      */
-    async getHttpClientForSession(sessionId) {
+    async getHttpClientForSession(sessionId, profileId) {
         if (!sessionId) {
             // Fallback to global client for stdio transport
             if (!this.httpClientFactory.hasGlobalClient()) {
@@ -311,7 +552,7 @@ export class MCPServer {
             throw new ConfigurationError('Profile not initialized. Call initialize() first.');
         }
         // Get auth token from session (ensures token is valid/refreshed)
-        const authToken = await this.getAuthTokenFromSession(sessionId);
+        const authToken = await this.getAuthTokenFromSession(sessionId, profileId);
         // Create or get session client using factory
         return this.httpClientFactory.getOrCreateSessionClient(sessionId, {
             profile: this.profile,
@@ -323,7 +564,7 @@ export class MCPServer {
      * Get auth token from HTTP transport session
      * Ensures token is valid (refreshes if expired) before returning
      */
-    async getAuthTokenFromSession(sessionId) {
+    async getAuthTokenFromSession(sessionId, profileId) {
         // Early return if sessionId is missing/empty
         // Prevents misleading warn logs with empty sessionId
         if (!sessionId) {
@@ -333,23 +574,24 @@ export class MCPServer {
             return undefined;
         }
         // Ensure token is valid (refresh if expired)
-        const isValid = await this.httpTransport.ensureValidSessionToken(sessionId);
+        const effectiveProfileId = profileId || this.getProfileIdValue();
+        const isValid = await this.httpTransport.ensureValidSessionToken(effectiveProfileId, sessionId);
         if (!isValid) {
-            this.logger.warn('Session token validation/refresh failed', { sessionId });
+            this.logger.warn('Session token validation/refresh failed', { profileId: effectiveProfileId, sessionId });
             // Still return token if available - let the API call fail with proper error
         }
         // Use public API instead of type casting
-        return this.httpTransport.getSessionToken(sessionId);
+        return this.httpTransport.getSessionToken(effectiveProfileId, sessionId);
     }
     /**
      * Cleanup HTTP client for destroyed session
      *
      * Why: Prevent memory leak - sessions expire but cached clients stay forever
      */
-    cleanupSessionClient(sessionId) {
+    cleanupSessionClient(profileId, sessionId) {
         const removed = this.httpClientFactory.cleanupSessionClient(sessionId);
         if (removed) {
-            this.logger.info('Cleaned up session HTTP client', { sessionId });
+            this.logger.info('Cleaned up session HTTP client', { profileId, sessionId });
         }
     }
     /**
@@ -383,7 +625,8 @@ export class MCPServer {
                 if (!toolDef) {
                     throw new OperationNotFoundError(request.params.name);
                 }
-                const args = request.params.arguments || {};
+                const rawArgs = request.params.arguments || {};
+                const args = applyParameterDefaults(toolDef, rawArgs);
                 // Validate arguments
                 this.toolGenerator.validateArguments(toolDef, args);
                 // Execute composite or simple tool
@@ -433,15 +676,16 @@ export class MCPServer {
      * Why separate: Simple tools map directly to single OpenAPI operation.
      * No result aggregation needed.
      */
-    async executeSimpleTool(toolDef, args, sessionId) {
+    async executeSimpleTool(toolDef, args, sessionId, profileId) {
+        const normalizedArgs = normalizeArguments(toolDef, args);
         this.logger.debug('Executing simple tool', {
             toolName: toolDef.name,
-            action: args['action'],
-            resourceType: args['resource_type'],
+            action: normalizedArgs['action'],
+            resourceType: normalizedArgs['resource_type'],
             sessionId
         });
         // Get operation definition (can be string or ProxyDownloadOperation)
-        const operationDef = this.toolGenerator.getOperationDefinition(toolDef, args);
+        const operationDef = this.toolGenerator.getOperationDefinition(toolDef, normalizedArgs);
         if (!operationDef) {
             throw new ValidationError(`Could not map tool action to operation`, {
                 toolName: toolDef.name,
@@ -452,7 +696,7 @@ export class MCPServer {
         }
         // Check if this is a proxy download operation
         if (typeof operationDef === 'object' && operationDef.type === 'proxy_download') {
-            return this.executeProxyDownload(operationDef, args, sessionId);
+            return this.executeProxyDownload(operationDef, normalizedArgs, sessionId, profileId);
         }
         // Regular string operation
         const operationId = operationDef;
@@ -461,9 +705,9 @@ export class MCPServer {
             throw new OperationNotFoundError(operationId);
         }
         // Build request
-        const path = this.resolvePath(operation.path, args);
-        const queryParams = this.extractQueryParams(operation, args);
-        const body = this.extractBody(operation, args, toolDef);
+        const path = this.resolvePath(operation.path, normalizedArgs);
+        const queryParams = this.extractQueryParams(operation, normalizedArgs);
+        const body = this.extractBody(operation, normalizedArgs, toolDef);
         this.logger.debug('Executing HTTP request', {
             operationId,
             method: operation.method,
@@ -482,9 +726,9 @@ export class MCPServer {
             }
         }
         // Execute with session-specific client
-        const httpClient = await this.getHttpClientForSession(sessionId);
+        const httpClient = await this.getHttpClientForSession(sessionId, profileId);
         // Set fields parameter if response_fields are configured for this action AND enabled
-        const action = args.action;
+        const action = normalizedArgs.action;
         if (toolDef.send_response_fields_as_param && toolDef.response_fields && action && toolDef.response_fields[action]) {
             const fields = toolDef.response_fields[action];
             queryParams.fields = fields.join(',');
@@ -497,7 +741,7 @@ export class MCPServer {
         // Apply response field filtering if configured
         let result = response.body;
         if (toolDef.response_fields) {
-            const action = args.action;
+            const action = normalizedArgs.action;
             if (action && toolDef.response_fields[action]) {
                 const fields = toolDef.response_fields[action];
                 result = this.filterFields(result, fields);
@@ -511,7 +755,7 @@ export class MCPServer {
      * Why: Some APIs return authenticated URLs that LLMs cannot fetch directly.
      * This proxies the download through the MCP server.
      */
-    async executeProxyDownload(operation, args, sessionId) {
+    async executeProxyDownload(operation, args, sessionId, profileId) {
         this.logger.debug('Executing proxy download', {
             metadataEndpoint: operation.metadata_endpoint,
             urlField: operation.url_field,
@@ -537,10 +781,10 @@ export class MCPServer {
             };
         }
         // Get auth credentials for download
-        const httpClient = await this.getHttpClientForSession(sessionId);
+        const httpClient = await this.getHttpClientForSession(sessionId, profileId);
         const authCredentials = httpClient.getAuthCredentials();
         // Execute proxy download
-        const proxyExecutor = new ProxyDownloadExecutor(httpClient);
+        const proxyExecutor = new ProxyDownloadExecutor(httpClient, this.logger);
         const result = await proxyExecutor.execute(operation, { path: metadataPath, method: metadataMethod }, authCredentials, directDownloadRequest);
         this.logger.debug('Proxy download completed', {
             fileName: result.fileName,
@@ -638,17 +882,47 @@ export class MCPServer {
                 pathOrQuery.add(param.name);
             }
         }
-        // Get body schema properties to check if path/query params should also be in body
+        // Get body schema and properties to check if path/query params should also be in body
+        let bodySchema;
         const bodySchemaProps = new Set();
         if (operation.requestBody?.content) {
-            // Check all content types (typically application/json)
-            for (const mediaType of Object.values(operation.requestBody.content)) {
-                if (mediaType.schema?.properties) {
-                    for (const propName of Object.keys(mediaType.schema.properties)) {
-                        bodySchemaProps.add(propName);
+            // Prefer application/json but accept any schema present
+            const jsonSchema = operation.requestBody.content['application/json']?.schema;
+            bodySchema = jsonSchema;
+            if (!bodySchema) {
+                for (const mediaType of Object.values(operation.requestBody.content)) {
+                    if (mediaType.schema) {
+                        bodySchema = mediaType.schema;
+                        break;
                     }
                 }
             }
+            if (bodySchema?.type === 'object' && bodySchema.properties) {
+                for (const propName of Object.keys(bodySchema.properties)) {
+                    bodySchemaProps.add(propName);
+                }
+            }
+        }
+        // Root array body support
+        if (bodySchema?.type === 'array') {
+            const explicit = args['body'] ?? args['items'];
+            if (explicit !== undefined) {
+                return explicit;
+            }
+            const arrayCandidates = [];
+            for (const [key, value] of Object.entries(args)) {
+                if (metadata.has(key))
+                    continue;
+                if (pathOrQuery.has(key))
+                    continue;
+                if (Array.isArray(value)) {
+                    arrayCandidates.push(value);
+                }
+            }
+            if (arrayCandidates.length === 1) {
+                return arrayCandidates[0];
+            }
+            return undefined;
         }
         const body = {};
         let hasBody = false;
@@ -683,58 +957,26 @@ export class MCPServer {
      * and resumability for reliable communication over HTTP.
      */
     async runHttp(host, port) {
-        const { HttpTransport } = await import('./http-transport.js');
-        // Get OAuth config from profile (supports multi-auth)
-        const oauthConfig = this.getOAuthConfig();
-        if (oauthConfig) {
+        const { HttpTransport } = await import('../transport/http-transport.js');
+        const profileContext = this.getHttpProfileContext();
+        if (profileContext.oauthConfig) {
             this.logger.info('OAuth authentication enabled for HTTP transport');
         }
-        // Get auth configs for token validation
-        const authConfigs = this.getAuthConfigs();
-        const baseUrl = this.getBaseUrl();
-        // Extract OAuth rate limit from profile (if configured)
-        const oauthAuthConfig = authConfigs.find(c => c.type === 'oauth');
-        const oauthRateLimit = oauthAuthConfig?.oauth_rate_limit;
-        // Extract resource metadata from OpenAPI spec or profile
-        const resourceMetadata = this.parser.getResourceMetadata();
+        const baseConfig = buildHttpTransportBaseConfig(host, port);
         const config = {
-            host,
-            port,
-            sessionTimeoutMs: parseInt(process.env.MCP4_SESSION_TIMEOUT_MS || String(TIMEOUTS.SESSION_TIMEOUT_MS), 10),
-            heartbeatEnabled: process.env.MCP4_HEARTBEAT_ENABLED === 'true',
-            heartbeatIntervalMs: parseInt(process.env.MCP4_HEARTBEAT_INTERVAL_MS || String(TIMEOUTS.HEARTBEAT_INTERVAL_MS), 10),
-            metricsEnabled: process.env.MCP4_METRICS_ENABLED === 'true',
-            metricsPath: process.env.MCP4_METRICS_PATH || '/metrics',
-            allowedOrigins: process.env.MCP4_ALLOWED_ORIGINS
-                ? process.env.MCP4_ALLOWED_ORIGINS.split(',').map(o => o.trim())
-                : undefined,
-            rateLimitEnabled: process.env.MCP4_HTTP_RATE_LIMIT_ENABLED !== 'false', // default: true
-            rateLimitWindowMs: parseInt(process.env.MCP4_HTTP_RATE_LIMIT_WINDOW_MS || String(TIMEOUTS.RATE_LIMIT_WINDOW_MS), 10),
-            rateLimitMaxRequests: parseInt(process.env.MCP4_HTTP_RATE_LIMIT_MAX_REQUESTS || '100', 10),
-            rateLimitMetricsMax: parseInt(process.env.MCP4_HTTP_RATE_LIMIT_METRICS_MAX || '10', 10),
+            ...baseConfig,
+            profileRoutingEnabled: false,
+            defaultProfileId: profileContext.profileId,
             // OAuth rate limiting (priority: profile > env vars > defaults)
-            rateLimitOAuthMax: oauthRateLimit?.max_requests
-                || parseInt(process.env.MCP4_OAUTH_RATE_LIMIT_MAX || String(OAUTH_RATE_LIMIT.MAX_REQUESTS), 10),
-            rateLimitOAuthWindowMs: oauthRateLimit?.window_ms
-                || parseInt(process.env.MCP4_OAUTH_RATE_LIMIT_WINDOW_MS || String(OAUTH_RATE_LIMIT.WINDOW_MS), 10),
-            maxTokenLength: process.env.MCP4_TOKEN_MAX_LENGTH
-                ? parseInt(process.env.MCP4_TOKEN_MAX_LENGTH, 10)
-                : undefined, // Uses default from http-transport.ts if undefined
-            // Pass OAuth config with allowed_redirect_hosts derived from MCP4_ALLOWED_ORIGINS
-            oauthConfig: oauthConfig ? {
-                ...oauthConfig,
-                allowed_redirect_hosts: oauthConfig.allowed_redirect_hosts
-                    || (process.env.MCP4_ALLOWED_ORIGINS
-                        ? this.extractHostsFromOrigins(process.env.MCP4_ALLOWED_ORIGINS)
-                        : undefined),
-            } : undefined,
-            baseUrl, // Pass base URL for token validation
-            authConfigs, // Pass auth configs for token validation
-            // OAuth resource metadata (priority: profile > OpenAPI > fallback)
-            resourceName: this.profile?.resource_name || resourceMetadata.name || 'MCP Server',
-            resourceDocumentation: this.profile?.resource_documentation || resourceMetadata.documentation,
-            sslCertFile: process.env.MCP4_SSL_CERT_FILE,
-            sslKeyFile: process.env.MCP4_SSL_KEY_FILE,
+            rateLimitOAuthMax: profileContext.rateLimitOAuthMax,
+            rateLimitOAuthWindowMs: profileContext.rateLimitOAuthWindowMs,
+            // OAuth config already merged with allowed_redirect_hosts
+            oauthConfig: profileContext.oauthConfig,
+            baseUrl: profileContext.baseUrl,
+            authConfigs: profileContext.authConfigs,
+            resourceName: profileContext.resourceName,
+            resourceDocumentation: profileContext.resourceDocumentation,
+            parser: profileContext.parser,
         };
         // Warn if binding to non-localhost without explicit MCP4_ALLOWED_ORIGINS
         const isLocalhost = host === 'localhost' || host === '127.0.0.1' || host === '::1';
@@ -743,37 +985,62 @@ export class MCPServer {
             this.logger.warn('Binding to non-localhost with empty MCP4_ALLOWED_ORIGINS. Set MCP4_ALLOWED_ORIGINS or bind to localhost.');
         }
         this.httpTransport = new HttpTransport(config, this.logger);
+        const metricsCollector = this.httpTransport.getMetricsCollector?.() || null;
+        this.httpClientFactory.setMetricsCollector(metricsCollector);
+        this.recordGlobalToolFilterMetrics();
         // Set message handler to process JSON-RPC messages
-        this.httpTransport.setMessageHandler(async (message, sessionId) => {
-            return await this.handleJsonRpcMessage(message, sessionId);
+        this.httpTransport.setMessageHandler(async (message, sessionId, profileId) => {
+            return await this.handleJsonRpcMessage(message, sessionId, profileId);
         });
         // Register cleanup listener for session destruction (memory leak prevention)
-        this.httpTransport.onSessionDestroyed((sessionId) => {
-            this.cleanupSessionClient(sessionId);
+        this.httpTransport.onSessionDestroyed((profileId, sessionId) => {
+            this.cleanupSessionClient(profileId, sessionId);
         });
         await this.httpTransport.start();
         this.logger.info('MCP server running on HTTP', { host, port });
     }
+    attachHttpTransport(transport) {
+        this.httpTransport = transport;
+        const metricsCollector = this.httpTransport.getMetricsCollector?.() || null;
+        this.httpClientFactory.setMetricsCollector(metricsCollector);
+    }
+    handleSessionDestroyed(profileId, sessionId) {
+        this.cleanupSessionClient(profileId, sessionId);
+    }
     /**
      * Handle JSON-RPC message from HTTP transport
      *
      * Why: Unified message handling for both stdio and HTTP transports
      */
-    async handleJsonRpcMessage(message, sessionId) {
+    async handleJsonRpcMessage(message, sessionId, profileId) {
         // Handle initialize
         if (isInitializeRequest(message)) {
-            return this.handleInitialize(message, sessionId);
+            return this.handleInitialize(message, sessionId, profileId);
         }
         // Handle tool calls
         if (isToolCallRequest(message)) {
-            return await this.handleToolCall(message, sessionId);
+            return await this.handleToolCall(message, sessionId, profileId);
         }
         // Handle other JSON-RPC requests
         // (tools/list, prompts/list, etc.)
-        return await this.handleOtherRequest(message, sessionId);
+        return await this.handleOtherRequest(message, sessionId, profileId);
+    }
+    async handleHttpMessage(message, sessionId, profileId) {
+        return this.handleJsonRpcMessage(message, sessionId, profileId);
     }
-    handleInitialize(message, sessionId) {
+    handleInitialize(message, sessionId, profileId) {
         const req = message;
+        const params = req.params;
+        if (!this.httpTransport && params?.filtering !== undefined) {
+            if (typeof params.filtering !== 'string') {
+                throw new ValidationError('Invalid X-Mcp4-Params header. Expected comma-separated key=value pairs.');
+            }
+            const parsed = parseFilteringHeader(params.filtering);
+            this.stdioFiltering = parsed.filtering;
+        }
+        if (this.httpTransport && sessionId) {
+            this.applySessionToolFiltering(sessionId, profileId);
+        }
         const result = {
             protocolVersion: '2025-03-26',
             serverInfo: {
@@ -796,14 +1063,14 @@ export class MCPServer {
             result,
         };
     }
-    async handleToolCall(message, sessionId) {
+    async handleToolCall(message, sessionId, profileId) {
         const req = message;
         const params = req.params;
         const toolName = params.name;
-        const args = params.arguments;
+        const rawArgs = params.arguments || {};
         // Check OAuth authentication for tool operations
-        if (this.httpTransport && this.httpTransport.hasOAuthProvider()) {
-            const authToken = await this.getAuthTokenFromSession(sessionId || '');
+        if (this.httpTransport && this.httpTransport.hasOAuthProvider(profileId)) {
+            const authToken = await this.getAuthTokenFromSession(sessionId || '', profileId);
             if (!authToken) {
                 // Return OAuth required error with WWW-Authenticate header
                 // This should trigger the OAuth flow in the client
@@ -815,7 +1082,7 @@ export class MCPServer {
                         message: 'Authentication required. Please authorize via OAuth.',
                         data: {
                             oauth_required: true,
-                            resource_metadata: `${this.httpTransport.getServerUrl()}/.well-known/oauth-protected-resource/mcp`,
+                            resource_metadata: this.httpTransport.getOAuthProtectedResourceUrl(profileId),
                             scope: 'api'
                         }
                     }
@@ -823,16 +1090,36 @@ export class MCPServer {
                 return errorResponse;
             }
         }
+        let args = rawArgs;
         try {
             // Find tool definition
             const toolDef = this.profile?.tools.find(t => t.name === toolName);
             if (!toolDef) {
-                throw new OperationNotFoundError(toolName);
+                throw new ResourceNotFoundError(toolName, 'Tool');
+            }
+            args = applyParameterDefaults(toolDef, rawArgs);
+            const toolFilter = this.getToolFilterForSession(sessionId, profileId);
+            if (toolFilter && !toolFilter.allowedToolNames.has(toolName)) {
+                this.recordToolFilterRejection(toolName, 'session');
+                const reason = toolFilter.reasons.get(toolName)?.[0];
+                const reasonSuffix = reason ? ` Blocked by: ${reason}.` : '';
+                throw new AuthorizationError(`Tool '${toolName}' not allowed by X-Mcp4-Tools filter.${reasonSuffix}`);
+            }
+            const filtering = this.getFilteringForSession(sessionId, profileId);
+            if (filtering) {
+                const operation = this.getFilteringOperationInfo(toolDef, args);
+                enforceFiltering({
+                    filtering,
+                    toolDef,
+                    args,
+                    parameterAliases: this.profile?.parameter_aliases,
+                    operation,
+                });
             }
             // Execute tool (reuse existing execution logic)
             let result;
             if (toolDef.composite && toolDef.steps) {
-                const httpClient = await this.getHttpClientForSession(sessionId);
+                const httpClient = await this.getHttpClientForSession(sessionId, profileId);
                 const compositeResult = await this.compositeExecutor.execute(toolDef.steps, args, toolDef.partial_results || false, httpClient);
                 result = {
                     data: compositeResult.data,
@@ -843,7 +1130,7 @@ export class MCPServer {
                 };
             }
             else {
-                result = await this.executeSimpleTool(toolDef, args, sessionId);
+                result = await this.executeSimpleTool(toolDef, args, sessionId, profileId);
             }
             return {
                 jsonrpc: '2.0',
@@ -888,6 +1175,9 @@ export class MCPServer {
             else if (error instanceof OperationNotFoundError) {
                 errorCode = -32601; // Method not found
             }
+            else if (error instanceof ResourceNotFoundError) {
+                errorCode = -32601; // Method not found
+            }
             return {
                 jsonrpc: '2.0',
                 id: req.id,
@@ -898,11 +1188,35 @@ export class MCPServer {
             };
         }
     }
-    async handleOtherRequest(message, sessionId) {
+    getFilteringForSession(sessionId, profileId) {
+        if (this.httpTransport && sessionId) {
+            const effectiveProfileId = profileId || this.getProfileIdValue();
+            return this.httpTransport.getSessionFiltering(effectiveProfileId, sessionId);
+        }
+        return this.stdioFiltering;
+    }
+    getToolFilterForSession(sessionId, profileId) {
+        if (this.httpTransport && sessionId && typeof this.httpTransport.getSessionToolFilter === 'function') {
+            const effectiveProfileId = profileId || this.getProfileIdValue();
+            return this.httpTransport.getSessionToolFilter(effectiveProfileId, sessionId);
+        }
+        return undefined;
+    }
+    getFilteringOperationInfo(toolDef, args) {
+        if (toolDef.composite) {
+            return undefined;
+        }
+        const operationId = this.toolGenerator.mapActionToOperation(toolDef, args);
+        if (!operationId) {
+            return undefined;
+        }
+        return this.parser.getOperation(operationId);
+    }
+    async handleOtherRequest(message, sessionId, profileId) {
         const req = message;
         // Check OAuth authentication for other operations (like tools/list)
-        if (this.httpTransport && this.httpTransport.hasOAuthProvider()) {
-            const authToken = await this.getAuthTokenFromSession(sessionId || '');
+        if (this.httpTransport && this.httpTransport.hasOAuthProvider(profileId)) {
+            const authToken = await this.getAuthTokenFromSession(sessionId || '', profileId);
             if (!authToken) {
                 // Return OAuth required error with WWW-Authenticate header
                 // This should trigger the OAuth flow in the client
@@ -914,7 +1228,7 @@ export class MCPServer {
                         message: 'Authentication required. Please authorize via OAuth.',
                         data: {
                             oauth_required: true,
-                            resource_metadata: `${this.httpTransport.getServerUrl()}/.well-known/oauth-protected-resource/mcp`,
+                            resource_metadata: this.httpTransport.getOAuthProtectedResourceUrl(profileId),
                             scope: 'api'
                         }
                     }
@@ -924,7 +1238,11 @@ export class MCPServer {
         }
         // Handle tools/list
         if (req.method === 'tools/list') {
-            const tools = this.profile?.tools.map(toolDef => this.toolGenerator.generateTool(toolDef)) || [];
+            const sessionFilter = this.getToolFilterForSession(sessionId, profileId);
+            const allowedSet = sessionFilter?.allowedToolNames;
+            const tools = this.profile?.tools
+                .filter(toolDef => !allowedSet || allowedSet.has(toolDef.name))
+                .map(toolDef => this.toolGenerator.generateTool(toolDef)) || [];
             return {
                 jsonrpc: '2.0',
                 id: req.id,
@@ -943,6 +1261,204 @@ export class MCPServer {
             },
         };
     }
+    applyGlobalToolFiltering() {
+        if (!this.profile) {
+            return;
+        }
+        // Initialize ToolFilterService if not already done
+        if (!this.toolFilterService) {
+            const validator = new RegexValidator();
+            const compiler = new RegexCompiler(validator);
+            const envParser = new EnvConfigParser(compiler);
+            const headerParser = new HeaderConfigParser(compiler);
+            // Create OperationDetector for category filtering
+            const classifier = new OperationClassifier();
+            const resolver = new OpenAPIOperationResolver(this.parser);
+            const detector = new OperationDetector(classifier, resolver);
+            this.toolFilterService = new ToolFilterService(envParser, headerParser, this.logger, detector);
+        }
+        const originalTools = this.profile.tools;
+        const originalCount = originalTools.length;
+        // Apply filtering using new service
+        const filteredTools = this.toolFilterService.applyGlobalFilter(originalTools, process.env);
+        const allowedCount = filteredTools.length;
+        const removedCount = originalCount - allowedCount;
+        // Early return if no filtering config present (service returned same tools)
+        if (filteredTools === originalTools) {
+            return;
+        }
+        // Validation: check if filter has no effect
+        if (originalCount > 0 && allowedCount === originalCount && removedCount === 0) {
+            throw new ConfigurationError(`Tool filter configuration has no effect. Original tool count: ${originalCount}, filtered: ${allowedCount}. Check MCP4_TOOL_FILTER_* patterns.`);
+        }
+        // Validation: check if all tools filtered
+        if (originalCount > 0 && allowedCount === 0) {
+            throw new ConfigurationError(`All tools filtered out (original: ${originalCount}). Check MCP4_TOOL_FILTER_* settings.`);
+        }
+        // Validate composite tools against filtered operations
+        const resolver = this.buildToolFilterResolver();
+        this.validateCompositeToolsAgainstFilteredOperations(originalTools, filteredTools, resolver);
+        // Update profile
+        this.profile.tools = filteredTools;
+        // Record summary for metrics
+        this.globalToolFilterSummary = {
+            originalCount,
+            allowedCount,
+            removedCount,
+            patternCounts: {
+                // Note: counts not available from new service, using simplified version
+                filtered: removedCount
+            }
+        };
+        // Warn if high percentage filtered
+        const warnThreshold = this.getToolFilterWarnThresholdPct();
+        if (originalCount > 0) {
+            const percentFiltered = (removedCount / originalCount) * 100;
+            if (percentFiltered >= warnThreshold) {
+                this.logger.warn('Tool filter removed high percentage of tools', {
+                    original: originalCount,
+                    surviving: allowedCount,
+                    threshold_pct: warnThreshold,
+                    removed_count: removedCount
+                });
+            }
+        }
+        if (this.httpTransport) {
+            this.recordGlobalToolFilterMetrics();
+        }
+    }
+    applySessionToolFiltering(sessionId, profileId) {
+        if (!this.httpTransport || !this.profile) {
+            return;
+        }
+        if (typeof this.httpTransport.getSessionToolFilterRequest !== 'function') {
+            return;
+        }
+        const effectiveProfileId = profileId || this.getProfileIdValue();
+        const request = this.httpTransport.getSessionToolFilterRequest(effectiveProfileId, sessionId);
+        if (!request) {
+            return;
+        }
+        const originalCount = this.profile.tools.length;
+        const resolver = this.buildToolFilterResolver();
+        const sessionFilter = applySessionToolFilter(this.profile.tools, request, resolver);
+        const allowedCount = sessionFilter.allowedToolNames.size;
+        if (allowedCount === originalCount) {
+            throw new ValidationError(`X-Mcp4-Tools filter has no effect for this session. Available tools: ${originalCount}, after filter: ${allowedCount}. Check patterns.`);
+        }
+        if (originalCount > 0 && allowedCount === 0) {
+            const sources = request.rawEntries.length > 0 ? request.rawEntries.join(', ') : 'none';
+            throw new ValidationError(`X-Mcp4-Tools filtered out all tools (original: ${originalCount}). Removed by: ${sources}. Check session filter configuration.`);
+        }
+        this.httpTransport.setSessionToolFilter(effectiveProfileId, sessionId, sessionFilter);
+        this.logger.info('Session tool filter applied', {
+            sessionId,
+            originalCount,
+            allowedCount,
+            patterns: request.rawEntries,
+        });
+        this.recordSessionToolFilterMetrics(sessionId, allowedCount, request);
+    }
+    buildToolFilterResolver() {
+        return {
+            getOperationById: (operationId) => this.parser.getOperation(operationId),
+            getOperationForCall: (call) => {
+                const [method, path] = call.split(' ');
+                if (!method || !path) {
+                    return undefined;
+                }
+                const pathInfo = this.parser.getPath(path);
+                return pathInfo?.operations[method.toLowerCase()];
+            },
+        };
+    }
+    validateCompositeToolsAgainstFilteredOperations(originalTools, allowedTools, resolver) {
+        const operationToTools = new Map();
+        for (const tool of originalTools) {
+            if (!tool.operations) {
+                continue;
+            }
+            for (const operationId of Object.values(tool.operations)) {
+                if (typeof operationId !== 'string') {
+                    continue;
+                }
+                const names = operationToTools.get(operationId) ?? [];
+                names.push(tool.name);
+                operationToTools.set(operationId, names);
+            }
+        }
+        const allowedOperationIds = new Set();
+        for (const tool of allowedTools) {
+            if (!tool.operations) {
+                continue;
+            }
+            for (const operationId of Object.values(tool.operations)) {
+                if (typeof operationId !== 'string') {
+                    continue;
+                }
+                allowedOperationIds.add(operationId);
+            }
+        }
+        for (const tool of allowedTools) {
+            if (!tool.composite || !tool.steps) {
+                continue;
+            }
+            for (const step of tool.steps) {
+                const operation = resolver.getOperationForCall(step.call);
+                if (!operation) {
+                    continue;
+                }
+                if (allowedOperationIds.has(operation.operationId)) {
+                    continue;
+                }
+                const removedTools = operationToTools.get(operation.operationId);
+                if (!removedTools || removedTools.length === 0) {
+                    continue;
+                }
+                const removedList = removedTools.join(', ');
+                throw new ConfigurationError(`Composite tool '${tool.name}' step '${step.call}' calls filtered tool '${removedList}'. ` +
+                    `Add '${removedList}' to filter or include _allow_list or _allow_read if it is a list or read operation.`);
+            }
+        }
+    }
+    getToolFilterWarnThresholdPct() {
+        const raw = process.env.MCP4_TOOL_FILTER_WARN_THRESHOLD_PCT;
+        if (raw === undefined) {
+            return 90;
+        }
+        const parsed = Number(raw);
+        if (Number.isNaN(parsed) || parsed <= 0) {
+            throw new ConfigurationError(`Invalid MCP4_TOOL_FILTER_WARN_THRESHOLD_PCT: expected positive number, got '${raw}'.`);
+        }
+        return parsed;
+    }
+    recordGlobalToolFilterMetrics() {
+        if (!this.httpTransport || !this.globalToolFilterSummary) {
+            return;
+        }
+        if (typeof this.httpTransport.recordGlobalToolFilterMetrics !== 'function') {
+            return;
+        }
+        this.httpTransport.recordGlobalToolFilterMetrics(this.globalToolFilterSummary);
+    }
+    recordSessionToolFilterMetrics(sessionId, allowedCount, request) {
+        if (!this.httpTransport) {
+            return;
+        }
+        if (typeof this.httpTransport.recordSessionToolFilterMetrics !== 'function') {
+            return;
+        }
+        this.httpTransport.recordSessionToolFilterMetrics(sessionId, allowedCount, request);
+    }
+    recordToolFilterRejection(toolName, source) {
+        if (!this.httpTransport) {
+            return;
+        }
+        if (typeof this.httpTransport.recordToolFilterRejection !== 'function') {
+            return;
+        }
+        this.httpTransport.recordToolFilterRejection(toolName, source);
+    }
     /**
      * Stop the MCP server gracefully
      *